URL: http://urchintelemetry.com

Full analysis: https://app.any.run/tasks/32fae006-d358-405c-9b1c-190d749c9b75
Verdict: Malicious activity
Analysis date: February 21, 2020, 16:09:44
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
  • MD5: CA079281EA3FB625E3535964A56EFB54
  • SHA1: D3A9803EE2EE6434F2550947C9CBEC241D162764
  • SHA256: 8BC39705E066D4FB66AF15ECA6E9B9ADA143B6BDBCCD3021B877736C6C24A321
  • SSDEEP: 3:N1KLXaOIuF:CunuF

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 3180)
      • iexplore.exe (PID: 1520)
    • Changes internet zones settings

      • iexplore.exe (PID: 1520)
    • Reads internet explorer settings

      • iexplore.exe (PID: 3180)
    • Application launched itself

      • iexplore.exe (PID: 1520)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 1520)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 1520)
    • Changes settings of System certificates

      • iexplore.exe (PID: 1520)
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 36
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start → iexplore.exe → iexplore.exe

Process information

PID: 1520
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" http://urchintelemetry.com
Path: C:\Program Files\Internet Explorer\iexplore.exe
Indicators: none listed
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID: 3180
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1520 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Indicators: none listed
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Total events: 7 278
Read events: 852
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 0
Suspicious files: 0
Text files: 11
Unknown types: 2

Dropped files

  • PID 1520, iexplore.exe: C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
    Type: not listed; MD5: not listed; SHA256: not listed
  • PID 3180, iexplore.exe: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\8QU1CQCK.htm
    Type: html
    MD5: BF7580D255634BC899C8BE538237D50E
    SHA256: 22F357BDB6DECD369D9EC7B85E8E54292E23A4DCDDAAEFFE5CE463D800A72C03
  • PID 3180, iexplore.exe: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\min[1].js
    Type: text
    MD5: 5563332AD6AF63C9C94CEF15761BE544
    SHA256: 4EFEC11A42893D4DF0249174CBE5AFAE24A5734F5DED35C5E84C56BF9F473EC2
  • PID 3180, iexplore.exe: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\libg[1].png
    Type: image
    MD5: B06CC0EE3C9BE723861A2FE8F3B594E6
    SHA256: 3D876C43F21D31D03EEF6D5B51E9CF7D28F6B0F017239300980AF88522A173A0
  • PID 3180, iexplore.exe: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\logo[1].png
    Type: image
    MD5: 9C98595145E8A8F5A7B6D4F88DCEEA6A
    SHA256: B690A0CC0AD3A4899A5E6C52E4A5C7CA6C2F334F946C72B2AAFECB316D83B932
  • PID 3180, iexplore.exe: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\arrow[1].png
    Type: image
    MD5: 9B3B30BF536E8E02958B60FE30988CD3
    SHA256: 368C4A249C5EEB012917122F5314AF8F89E7A7CC583D8BEF33950F60CF0214D0
  • PID 3180, iexplore.exe: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\ubuntu-b[1].eot
    Type: eot
    MD5: 7993208D5E2A6F3D6F461B69B292A47E
    SHA256: F61D164B9E4C3DBDBE6F34B7D9FCA55A3B9DAE1929AA65E59408673410662FD3
  • PID 1520, iexplore.exe: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\favicon[1].ico
    Type: image
    MD5: 9FB559A691078558E77D6848202F6541
    SHA256: 6D8A01DC7647BC218D003B58FE04049E24A9359900B7E0CEBAE76EDF85B8B914
  • PID 3180, iexplore.exe: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\ubuntu-r[1].eot
    Type: eot
    MD5: DBA7374F1813F5D55190C2851181409F
    SHA256: 645A384C895A5E3F9ABDFE2C8FE1BDAB2CFBAE6E69BA711F58DD3F237F2839FE
  • PID 3180, iexplore.exe: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\px[2].js
    Type: text
    MD5: F84F931C0DD37448E03F0DABF4E4CA9F
    SHA256: 5C1D5FD46A88611C31ECBB8FFC1142A7E74EC7FB7D72BD3891131C880EF3F584
HTTP(S) requests: 15
TCP/UDP connections: 27
DNS requests: 10
Threats: 0

HTTP requests

  • PID 3180, iexplore.exe: GET http://urchintelemetry.com/
    HTTP code: 200; IP: 204.11.56.48:80; CN: VG; type: html; size: 6.70 Kb; reputation: malicious
  • PID 3180, iexplore.exe: GET http://i1.cdn-image.com/__media__/js/min.js?v2.2
    HTTP code: 200; IP: 2.16.186.106:80; CN: unknown; type: text; size: 2.97 Kb; reputation: whitelisted
  • PID 3180, iexplore.exe: GET http://i4.cdn-image.com/__media__/fonts/ubuntu-r/ubuntu-r.eot?
    HTTP code: 200; IP: 2.16.186.106:80; CN: unknown; type: eot; size: 33.8 Kb; reputation: whitelisted
  • PID 3180, iexplore.exe: GET http://urchintelemetry.com/px.js?ch=2
    HTTP code: 200; IP: 204.11.56.48:80; CN: VG; type: text; size: 346 b; reputation: malicious
  • PID 3180, iexplore.exe: GET http://urchintelemetry.com/sk-logabpstatus.php?a=Z0FIYUl1M1VVUktyeVdCK0RnSHhVSU5ySUxoMG5jTHdkc3RJdW1wd1huY1V2TG9YMUVQdDBuWVg5Y2lsRUlTL0p1d2IrQWtrOVQ0eHRjOUMrSEx5Nkhub0dMN0VZdWJybUhwQ1E5QTdpUHc9&b=false
    HTTP code: 200; IP: 204.11.56.48:80; CN: VG; type: text; size: 346 b; reputation: malicious
  • PID 3180, iexplore.exe: GET http://i4.cdn-image.com/__media__/fonts/ubuntu-b/ubuntu-b.eot?
    HTTP code: 200; IP: 2.16.186.106:80; CN: unknown; type: eot; size: 110 Kb; reputation: whitelisted
  • PID 3180, iexplore.exe: GET http://i3.cdn-image.com/__media__/pics/12471/bodybg.png
    HTTP code: 200; IP: 2.16.186.106:80; CN: unknown; type: image; size: 94.9 Kb; reputation: whitelisted
  • PID 3180, iexplore.exe: GET http://i4.cdn-image.com/__media__/pics/12471/libg.png
    HTTP code: 200; IP: 2.16.186.106:80; CN: unknown; type: image; size: 1.07 Kb; reputation: whitelisted
  • PID 3180, iexplore.exe: GET http://i3.cdn-image.com/__media__/pics/12471/search-icon.png
    HTTP code: 200; IP: 2.16.186.106:80; CN: unknown; type: image; size: 1.16 Kb; reputation: whitelisted
  • PID 3180, iexplore.exe: GET http://urchintelemetry.com/px.js?ch=1
    HTTP code: 200; IP: 204.11.56.48:80; CN: VG; type: text; size: 346 b; reputation: malicious

Connections

  • PID 1520, iexplore.exe: 204.79.197.200:80, www.bing.com
    ASN: Microsoft Corporation; CN: US; reputation: whitelisted
  • PID not listed: 204.11.56.48:80, urchintelemetry.com
    ASN: Confluence Networks Inc; CN: VG; reputation: malicious
  • PID 3180, iexplore.exe: 204.11.56.48:80, urchintelemetry.com
    ASN: Confluence Networks Inc; CN: VG; reputation: malicious
  • PID 3180, iexplore.exe: 2.16.186.106:80, i1.cdn-image.com
    ASN: Akamai International B.V.; CN: not listed; reputation: whitelisted
  • PID 3180, iexplore.exe: 2.16.186.64:80, i1.cdn-image.com
    ASN: Akamai International B.V.; CN: not listed; reputation: whitelisted
  • PID not listed: 152.199.19.161:443, iecvlist.microsoft.com
    ASN: MCI Communications Services, Inc. d/b/a Verizon Business; CN: US; reputation: whitelisted

DNS requests

  • urchintelemetry.com → 204.11.56.48 (malicious)
  • i1.cdn-image.com → 2.16.186.106, 2.16.186.64 (whitelisted)
  • i4.cdn-image.com → 2.16.186.106, 2.16.186.64 (whitelisted)
  • i3.cdn-image.com → 2.16.186.106, 2.16.186.64 (whitelisted)
  • i2.cdn-image.com → 2.16.186.106, 2.16.186.64 (whitelisted)
  • api.bing.com → 13.107.5.80 (whitelisted)
  • www.bing.com → 204.79.197.200, 13.107.21.200 (whitelisted)
  • iecvlist.microsoft.com → 152.199.19.161 (whitelisted)
  • r20swj13mr.microsoft.com → 152.199.19.161 (whitelisted)

Threats

No threats detected
No debug info